📄 ntundoc.c
字号:
.NtQueryValueKey = (void*) 0x001178B0,
.NtSetInformationFile = (void*) 0x000ACC7A,
.NtSetValueKey = (void*) 0x00117F42,
.ObpFreeObject = (void*) 0x000DBCA4,
.PspTerminateProcess = (void*) 0x000E7402,
.swprintf = (void*) 0x000646E0,
.ZwOpenProcess = (void*) 0x0002FF18,
.ZwProtectVirtualMemory = (void*) 0x0002FFE8,
.ZwReadVirtualMemory = (void*) 0x000302B8,
}
},
{
TEXT("ntoskrnl 5.00.2195.7035 (english)"),
TEXT("42258BD819CB80"),
{
.NtCreateProcess = (void*) 0x000E20C4,
.NtCreateProcessEx = NULL,
.NtCreateSection = (void*) 0x000CAF6A,
.NtCreateUserProcess = NULL,
.NtTerminateProcess = (void*) 0x000E312C,
.NtQueryInformationFile = (void*) 0x000A8B74,
.NtQueryKey = (void*) 0x001134CC,
.NtQueryValueKey = (void*) 0x00113762,
.NtSetInformationFile = (void*) 0x000A91FA,
.NtSetValueKey = (void*) 0x00113DF4,
.ObpFreeObject = (void*) 0x000D7B48,
.PspTerminateProcess = (void*) 0x000E32AE,
.swprintf = (void*) 0x00061440,
.ZwOpenProcess = (void*) 0x0002FEDC,
.ZwProtectVirtualMemory = (void*) 0x0002FFAC,
.ZwReadVirtualMemory = (void*) 0x0003027C,
}
},
{
TEXT("ntoskrnl 5.00.2195.7035 (french)"),
TEXT("42258BD819D940"),
{
.NtCreateProcess = (void*) 0x000E20C4,
.NtCreateProcessEx = NULL,
.NtCreateSection = (void*) 0x000CAF6A,
.NtCreateUserProcess = NULL,
.NtTerminateProcess = (void*) 0x000E312C,
.NtQueryInformationFile = (void*) 0x000A8B74,
.NtQueryKey = (void*) 0x001134CC,
.NtQueryValueKey = (void*) 0x00113762,
.NtSetInformationFile = (void*) 0x000A91FA,
.NtSetValueKey = (void*) 0x00113DF4,
.ObpFreeObject = (void*) 0x000D7B48,
.PspTerminateProcess = (void*) 0x000E32AE,
.swprintf = (void*) 0x00061440,
.ZwOpenProcess = (void*) 0x0002FEDC,
.ZwProtectVirtualMemory = (void*) 0x0002FFAC,
.ZwReadVirtualMemory = (void*) 0x0003027C,
}
},
{
TEXT("ntoskrnl 5.00.2195.7035 (german)"),
TEXT("42258BD819D440"),
{
.NtCreateProcess = (void*) 0x000E20C4,
.NtCreateProcessEx = NULL,
.NtCreateSection = (void*) 0x000CAF6A,
.NtCreateUserProcess = NULL,
.NtTerminateProcess = (void*) 0x000E312C,
.NtQueryInformationFile = (void*) 0x000A8B74,
.NtQueryKey = (void*) 0x001134CC,
.NtQueryValueKey = (void*) 0x00113762,
.NtSetInformationFile = (void*) 0x000A91FA,
.NtSetValueKey = (void*) 0x00113DF4,
.ObpFreeObject = (void*) 0x000D7B48,
.PspTerminateProcess = (void*) 0x000E32AE,
.swprintf = (void*) 0x00061440,
.ZwOpenProcess = (void*) 0x0002FEDC,
.ZwProtectVirtualMemory = (void*) 0x0002FFAC,
.ZwReadVirtualMemory = (void*) 0x0003027C,
}
},
{
TEXT("ntoskrnl 5.00.2195.7035 (spanish)"),
TEXT("42258BD819DFC0"),
{
.NtCreateProcess = (void*) 0x000E20C4,
.NtCreateProcessEx = NULL,
.NtCreateSection = (void*) 0x000CAF6A,
.NtCreateUserProcess = NULL,
.NtTerminateProcess = (void*) 0x000E312C,
.NtQueryInformationFile = (void*) 0x000A8B74,
.NtQueryKey = (void*) 0x001134CC,
.NtQueryValueKey = (void*) 0x00113762,
.NtSetInformationFile = (void*) 0x000A91FA,
.NtSetValueKey = (void*) 0x00113DF4,
.ObpFreeObject = (void*) 0x000D7B48,
.PspTerminateProcess = (void*) 0x000E32AE,
.swprintf = (void*) 0x00061440,
.ZwOpenProcess = (void*) 0x0002FEDC,
.ZwProtectVirtualMemory = (void*) 0x0002FFAC,
.ZwReadVirtualMemory = (void*) 0x0003027C,
}
},
{
TEXT("ntkrpamp 5.00.2195.7045 (?)"),
TEXT("427B58D31A7B40"),
{
.NtCreateProcess = (void*) 0x000EA7F8,
.NtCreateProcessEx = NULL,
.NtCreateSection = (void*) 0x000D30D6,
.NtCreateUserProcess = NULL,
.NtTerminateProcess = (void*) 0x000EB862,
.NtQueryInformationFile = (void*) 0x000B0BFE,
.NtQueryKey = (void*) 0x0011BC5A,
.NtQueryValueKey = (void*) 0x0011BEF0,
.NtSetInformationFile = (void*) 0x000B1276,
.NtSetValueKey = (void*) 0x0011C582,
.ObpFreeObject = (void*) 0x000E0274,
.PspTerminateProcess = (void*) 0x000EB9E4,
.swprintf = (void*) 0x00067220,
.ZwOpenProcess = (void*) 0x00031C54,
.ZwProtectVirtualMemory = (void*) 0x00031D24,
.ZwReadVirtualMemory = (void*) 0x00031FF4,
}
},
{
TEXT("ntkrpamp 5.00.2195.7045 (french)"),
TEXT("427B58D31A8900"),
{
.NtCreateProcess = (void*) 0x000EA7F8,
.NtCreateProcessEx = NULL,
.NtCreateSection = (void*) 0x000D30D6,
.NtCreateUserProcess = NULL,
.NtTerminateProcess = (void*) 0x000EB862,
.NtQueryInformationFile = (void*) 0x000B0BFE,
.NtQueryKey = (void*) 0x0011BC5A,
.NtQueryValueKey = (void*) 0x0011BEF0,
.NtSetInformationFile = (void*) 0x000B1276,
.NtSetValueKey = (void*) 0x0011C582,
.ObpFreeObject = (void*) 0x000E0274,
.PspTerminateProcess = (void*) 0x000EB9E4,
.swprintf = (void*) 0x00067220,
.ZwOpenProcess = (void*) 0x00031C54,
.ZwProtectVirtualMemory = (void*) 0x00031D24,
.ZwReadVirtualMemory = (void*) 0x00031FF4,
}
},
{
TEXT("ntkrpamp 5.00.2195.7045 (german)"),
TEXT("427B58D31A8400"),
{
.NtCreateProcess = (void*) 0x000EA7F8,
.NtCreateProcessEx = NULL,
.NtCreateSection = (void*) 0x000D30D6,
.NtCreateUserProcess = NULL,
.NtTerminateProcess = (void*) 0x000EB862,
.NtQueryInformationFile = (void*) 0x000B0BFE,
.NtQueryKey = (void*) 0x0011BC5A,
.NtQueryValueKey = (void*) 0x0011BEF0,
.NtSetInformationFile = (void*) 0x000B1276,
.NtSetValueKey = (void*) 0x0011C582,
.ObpFreeObject = (void*) 0x000E0274,
.PspTerminateProcess = (void*) 0x000EB9E4,
.swprintf = (void*) 0x00067220,
.ZwOpenProcess = (void*) 0x00031C54,
.ZwProtectVirtualMemory = (void*) 0x00031D24,
.ZwReadVirtualMemory = (void*) 0x00031FF4,
}
},
{
TEXT("ntkrnlpa 5.00.2195.7045 (english)"),
TEXT("427B58D31A2480"),
{
.NtCreateProcess = (void*) 0x000E620C,
.NtCreateProcessEx = NULL,
.NtCreateSection = (void*) 0x000CEB84,
.NtCreateUserProcess = NULL,
.NtTerminateProcess = (void*) 0x000E7274,
.NtQueryInformationFile = (void*) 0x000AC5F2,
.NtQueryKey = (void*) 0x0011760C,
.NtQueryValueKey = (void*) 0x001178A2,
.NtSetInformationFile = (void*) 0x000ACC78,
.NtSetValueKey = (void*) 0x00117F34,
.ObpFreeObject = (void*) 0x000DBC98,
.PspTerminateProcess = (void*) 0x000E73F6,
.swprintf = (void*) 0x000646F0,
.ZwOpenProcess = (void*) 0x0002FF24,
.ZwProtectVirtualMemory = (void*) 0x0002FFF4,
.ZwReadVirtualMemory = (void*) 0x000302C4,
}
},
{
TEXT("ntkrnlpa 5.00.2195.7045 (french)"),
TEXT("427B58D31A3240"),
{
.NtCreateProcess = (void*) 0x000E620C,
.NtCreateProcessEx = NULL,
.NtCreateSection = (void*) 0x000CEB84,
.NtCreateUserProcess = NULL,
.NtTerminateProcess = (void*) 0x000E7274,
.NtQueryInformationFile = (void*) 0x000AC5F2,
.NtQueryKey = (void*) 0x0011760C,
.NtQueryValueKey = (void*) 0x001178A2,
.NtSetInformationFile = (void*) 0x000ACC78,
.NtSetValueKey = (void*) 0x00117F34,
.ObpFreeObject = (void*) 0x000DBC98,
.PspTerminateProcess = (void*) 0x000E73F6,
.swprintf = (void*) 0x000646F0,
.ZwOpenProcess = (void*) 0x0002FF24,
.ZwProtectVirtualMemory = (void*) 0x0002FFF4,
.ZwReadVirtualMemory = (void*) 0x000302C4,
}
},
{
TEXT("ntkrnlpa 5.00.2195.7045 (spanish)"),
TEXT("427B58D31A38C0"),
{
.NtCreateProcess = (void*) 0x000E620C,
.NtCreateProcessEx = NULL,
.NtCreateSection = (void*) 0x000CEB84,
.NtCreateUserProcess = NULL,
.NtTerminateProcess = (void*) 0x000E7274,
.NtQueryInformationFile = (void*) 0x000AC5F2,
.NtQueryKey = (void*) 0x0011760C,
.NtQueryValueKey = (void*) 0x001178A2,
.NtSetInformationFile = (void*) 0x000ACC78,
.NtSetValueKey = (void*) 0x00117F34,
.ObpFreeObject = (void*) 0x000DBC98,
.PspTerminateProcess = (void*) 0x000E73F6,
.swprintf = (void*) 0x000646F0,
.ZwOpenProcess = (void*) 0x0002FF24,
.ZwProtectVirtualMemory = (void*) 0x0002FFF4,
.ZwReadVirtualMemory = (void*) 0x000302C4,
}
},
{
TEXT("ntkrnlpa 5.00.2195.7045 (1)"),
TEXT("427B58D31A2D40"),
{
.NtCreateProcess = (void*) 0x000E620C,
.NtCreateProcessEx = NULL,
.NtCreateSection = (void*) 0x000CEB84,
.NtCreateUserProcess = NULL,
.NtTerminateProcess = (void*) 0x000E7274,
.NtQueryInformationFile = (void*) 0x000AC5F2,
.NtQueryKey = (void*) 0x0011760C,
.NtQueryValueKey = (void*) 0x001178A2,
.NtSetInformationFile = (void*) 0x000ACC78,
.NtSetValueKey = (void*) 0x00117F34,
.ObpFreeObject = (void*) 0x000DBC98,
.PspTerminateProcess = (void*) 0x000E73F6,
.swprintf = (void*) 0x000646F0,
.ZwOpenProcess = (void*) 0x0002FF24,
.ZwProtectVirtualMemory = (void*) 0x0002FFF4,
.ZwReadVirtualMemory = (void*) 0x000302C4,
}
},
{
TEXT("ntkrnlpa 5.00.2195.7045 (2)"),
TEXT("427B58D31C7C00"),
{
.NtCreateProcess = (void*) 0x000E620C,
.NtCreateProcessEx = NULL,
.NtCreateSection = (void*) 0x000CEB84,
.NtCreateUserProcess = NULL,
.NtTerminateProcess = (void*) 0x000E7274,
.NtQueryInformationFile = (void*) 0x000AC5F2,
.NtQueryKey = (void*) 0x0011760C,
.NtQueryValueKey = (void*) 0x001178A2,
.NtSetInformationFile = (void*) 0x000ACC78,
.NtSetValueKey = (void*) 0x00117F34,
.ObpFreeObject = (void*) 0x000DBC98,
.PspTerminateProcess = (void*) 0x000E73F6,
.swprintf = (void*) 0x000646F0,
.ZwOpenProcess = (void*) 0x0002FF24,
.ZwProtectVirtualMemory = (void*) 0x0002FFF4,
.ZwReadVirtualMemory = (void*) 0x000302C4,
}
},
{
TEXT("ntoskrnl 5.00.2195.7045 (english)"),
TEXT("427B58BB19CB40"),
{
.NtCreateProcess = (void*) 0x000E20BE,
.NtCreateProcessEx = NULL,
.NtCreateSection = (void*) 0x000CAF6C,
.NtCreateUserProcess = NULL,
.NtTerminateProcess = (void*) 0x000E3126,
.NtQueryInformationFile = (void*) 0x000A8B72,
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -